and Devika Krishna Kumar
Michaels Stores, the biggest U.S. arts and crafts retailer, confirmed Thursday that there was a security breach at certain systems that process payment cards at its U.S. stores and that of its unit, Aaron Brothers.
The company said in January that it was working with federal law enforcement officials to investigate a possible data breach.
Michaels Stores said the breach, which took place May 8 through Jan. 27, may have affected about 2.6 million cards, or about 7 percent of payment cards used at its stores during the period.
The company said about 400,000 cards were potentially impacted at its Aaron Brothers unit by the breach, which occurred between June 26, 2013 and February 27, 2014.
There was no evidence that data such as customers' name or personal identification number were at risk, Michaels Stores said in a statement.
Michaels Stores, whose major investors are Blackstone Group (BX) and Bain Capital, said cyber security firms it hired found that malware not encountered previously had been used in the latest attack.
The company said it was working with law enforcement authorities, banks and payment processors, and that the malware no longer presents a threat.
Michaels Stores, which resubmitted its IPO documents late last month following a restructuring, is the latest U.S. retailer whose systems have been breached.
Last year, the No. 3 U.S. retailer Target (TGT) suffered a massive security breach that resulted in the theft of some 70 million customer records.
Reuters reported in January that smaller breaches on at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target.
U.S. retailers are planning to form an industry group for collecting and sharing intelligence in a bid to prevent future attacks.
Michaels Stores, which owns several private brands such as Recollections, Artist's Loft and Loops & Threads, competes with Hobby Lobby Stores, Jo-Ann Stores and Walmart Stores (WMT).